M312753

VIII. Description of the utility model:

[Technical field of the utility model]

This creation relates to an encryption-protected portable storage device, in particular a portable storage device such as a flash drive, and a portable storage device that has encryption verification protection and invalid data output.

[Prior art]

Flash memory is widely used in computer hosts and consumer electronic products. The flash memory in conventional flash drives and MP3 players is its most common application. However, conventional portable storage devices such as flash drives and MP3 players lack effective and secure protection measures, so the important data or personal private data stored inside them can easily leak. For example, when a flash drive or MP3 player is lost or stolen, the important data or personal private data stored in the portable storage device can be read, used or distributed at will by others, which causes inconvenience and trouble in the use of portable storage devices.

Among the related prior patent documents, Republic of China patent publication No. […], "[…] with security protection […]", discloses a technique that is limited to use on a platform of […] or […] communication, and it cannot provide confidential application and operation in stand-alone use.

In addition, Republic of China patent publication No. […]28[…], "Portable storage medium with a high degree of confidentiality […]", discloses adding a […] encryption measure to a flash drive, so that the portable storage device has biometric identification protection, likewise to prevent data leakage. Its disadvantages are as follows. The biometric sensor and microprocessor are added to the surface of the portable storage medium, such as a flash drive or MP3 player, which increases the cost of the portable storage medium. Because the biometric sensor has to capture the user's biometric features, it is exposed on the outside of the portable storage device, where it is easily affected by […] or the ambient temperature and produces misjudgments. It can also be damaged by wear or collision, which leaves the data inside the portable storage medium temporarily or permanently unreadable, and the failure of the security verification cannot be noticed immediately.

[Summary of the utility model]

Accordingly, the main purpose of this creation is to provide an encryption-protected portable storage device, in particular a precise encryption measure for reading and writing data on a portable storage device.

A further purpose of this creation is to provide an encryption-protected portable storage device that outputs invalid data when verification fails or a fault occurs, so that the user can recognize the verification failure or fault state.

Another purpose of this creation is to provide an encryption-protected portable storage device that does not need an expensive biometric microprocessor and sensor, which relatively reduces product cost and keeps the verification of the security measure permanently effective and precise.

To achieve these purposes, the encryption-protected portable storage device of this creation comprises: a memory interface connected to a data read/write host, serving as the interface through which decryption information is input from the data read/write host and data is output to the data read/write host; a security enhancement unit connected to the memory interface, to record the state of data protection; at least one security control unit connected to the security enhancement unit, to verify the data security password or signal and issue an open or close control signal; a protection gate unit connected to the security control unit and the memory interface, which is controlled by the open or close control signal of the security control unit and thereby opens or closes the passage of the protected data to the memory interface; and at least one protected data block and an invalid data block connected to the protection gate unit. The protected data block is opened for output to the data read/write host when the protection gate unit is open. The invalid data block is opened when the protection gate unit is closed and outputs invalid data to the data read/write host. The portable storage device thereby obtains a precise and permanently effective security measure.

[Embodiments]

Referring first to Figure 1, which shows the first embodiment of the encryption-protected portable storage device 100 of this creation: the portable storage device 100 comprises a memory interface 10, a security enhancement unit 20, at least one security control unit 30, a protection gate unit 40, and at least one protected data block 50 and an invalid data block 60. The memory interface 10 is connected to a data read/write host 200. The type of the data read/write host 200 is not limited. In this creation a computer host is given as the example, and other equivalent host devices that can read and write memory elements fall within the claimed scope of this creation. Through the memory interface 10, the data read/write host 200 sends decryption information into the portable storage device 100, and the data inside the portable storage device 100 is sent to the data read/write host 200; that is, the memory interface 10 is the interface for output to the data read/write host 200. The decryption information of the data read/write host 200 can be generated by a program or application software stored in advance on the data read/write host.

The security enhancement unit 20 is connected to the memory interface 10 to record the state of data protection, that is, the verification process and state of the decryption information from the data read/write host 200.

The security control unit 30 is connected to the security enhancement unit 20 to receive the decryption information from the data read/write host 200 and perform security verification. The verification data, such as a decryption key or a verification program, can be stored in advance in the security control unit 30. Verification runs automatically once the decryption information has been input, and the verification result and state are stored in the security enhancement unit 20. According to the verification result, the security control unit 30 generates an open or close control signal 31 and outputs it to the security enhancement unit 20.

The protection gate unit 40 is connected to the memory interface 10 and the security enhancement unit 20. The protection gate unit 40 is opened or closed under the control of the control signal 31, which is generated by the security control unit 30 and output through the security enhancement unit 20, so that the path between the protection gate unit 40 and the data read/write host 200 is either open and connected or closed.

The protected data block 50 and the invalid data block 60 are connected to the protection gate unit 40 and are controlled by it. The protected data block 50 stores the protected data. The invalid data block 60 stores invalid data such as random garbage or warning messages. The open or closed state of the protection gate unit 40 controls whether the protected data block 50 and the invalid data block 60 are open or closed. For example, when the verification information is correct, the protection gate unit 40 is in the open state. The protected data in the protected data block 50 can then be output to the data read/write host 200 through the protection gate unit 40 and the memory interface 10, while the invalid data block 60 is closed and outputs no data.

Conversely, when the security control unit 30 verifies that the decryption information from the data read/write host 200 is wrong, the protection gate unit 40 is in the closed state. The protected data in the protected data block 50 is then not output to the data read/write host 200 through the protection gate unit 40 and the memory interface 10. Instead, the invalid data block 60 is opened and outputs invalid data such as random garbage or warning messages through the protection gate unit 40 and the memory interface 10 to the data read/write host 200, so that the data read/write host 200 receives only that invalid data.

Referring next to Figure 2, which shows the second embodiment of the portable storage device 100 of this creation: the device includes several security control units 30, 30A and 30B and several protected data blocks 50, 50A and 50B. The security control unit 30 corresponds to the protected data block 50, the security control unit 30A corresponds to the protected data block 50A, and the security control unit 30B corresponds to the protected data block 50B. Each of the protected data blocks 50, 50A and 50B can therefore have its own security verification key or information. For example, each of the protected data blocks 50, 50A and 50B can be assigned its own verification password or mechanism. If the data read/write host inputs only the decryption information for the protected data block 50, only the data of the protected data block 50 is output to the data read/write host 200, and the data in the other protected data blocks 50A and 50B is not output to the data read/write host 200. In the same way, the protected data blocks 50A and 50B can each be opened for use when the data read/write host 200 issues the corresponding decryption information.
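The gating behaviour of the two embodiments, as an added C model that is not part of the patent text: each security control unit holds its own verification data, and the protection gate returns either the protected block or the invalid data block. The sample keys and contents, the index-addressed credential submission and the constant-time comparison are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>
#define NUNITS 3   /* control units 30, 30A, 30B guard blocks 50, 50A, 50B */
#define KEYLEN 8
#define BLKLEN 16
struct unit {
    unsigned char key[KEYLEN];   /* verification data stored in advance */
    unsigned char data[BLKLEN];  /* contents of the protected data block */
    int open;                    /* verification state recorded by unit 20 */
};
/* Constructed sample keys and contents, not values from the patent. */
static struct unit units[NUNITS] = {
    { "key50aa", "DATA-50--secret", 0 },
    { "key50Ab", "DATA-50A-secret", 0 },
    { "key50Bc", "DATA-50B-secret", 0 },
};
static const unsigned char invalid_block[BLKLEN] = "ACCESS DENIED!!"; /* block 60 */

/* Compare without an early exit so timing does not reveal how many leading
   bytes matched (hardening assumed here, not stated in the patent). */
static int ct_equal(const unsigned char *a, const unsigned char *b, size_t n) {
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Host 200 sends decryption information to one control unit; the result is
   that unit's open/close control signal 31. A wrong value closes the unit. */
int submit_credential(int idx, const unsigned char cred[KEYLEN]) {
    if (idx < 0 || idx >= NUNITS) return 0;
    units[idx].open = ct_equal(cred, units[idx].key, KEYLEN);
    return units[idx].open;
}

/* Protection gate unit 40: returns 1 and copies the protected data when the
   block's unit is open, otherwise returns 0 and copies the invalid data. */
int read_block(int idx, unsigned char out[BLKLEN]) {
    int ok = idx >= 0 && idx < NUNITS && units[idx].open;
    memcpy(out, ok ? units[idx].data : invalid_block, BLKLEN);
    return ok;
}

int main(void) {
    unsigned char buf[BLKLEN], cred[KEYLEN] = "key50aa";
    submit_credential(0, cred);  /* unlock block 50 only */
    for (int i = 0; i < NUNITS; i++)
        printf("block %d: gate=%d %s\n", i, read_block(i, buf), (const char *)buf);
    return 0;
}
```

Because the gate state lives per unit, unlocking block 50 leaves 50A and 50B returning the invalid data, and a later wrong credential for block 50 closes it again.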
The descriptions and drawings disclosed for the encryption-protected portable storage device of this creation shown in Figures 1 and 2 above serve only to explain the technical content and technical means of this creation. They disclose only some of the preferred embodiments and do not limit its scope. Any modification of the detailed structure of this creation, or equivalent substitution of its components, remains within the creative spirit and scope of this creation, whose scope is defined by the following claims.

[Brief description of the drawings]

Figure 1 is a circuit block diagram of the first embodiment of the encryption-protected portable storage device of this creation.

Figure 2 is a diagram of the second embodiment of the encryption-protected portable storage device of this creation.

[Description of main component symbols]

100 Portable storage device
10 Memory interface
20 Security enhancement unit
30 Security control unit
30A Security control unit
30B Security control unit
31 Control signal
40 Protection gate unit
50 Protected data block
50A Protected data block
50B Protected data block
60 Invalid data block
200 Data read/write host